Method and apparatus for decrypting data blocks of a pattern-encrypted subsample

ABSTRACT

A method in a pattern encryption protection scheme may efficiently decrypt data blocks in a timely manner. In the method, a processor may receive a frame of data blocks. The frame may include a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample may include one or more encrypted data blocks and one or more unencrypted data blocks in accordance with a predetermined pattern. The processor may determine a first buffer portion and a second buffer portion based on a number of the data blocks in the frame and the predetermined pattern. The processor may sort the data blocks by copying the encrypted data blocks into the first buffer portion and by copying the unencrypted data blocks into the second data buffer portion. The processor may perform a decryption call to a crypto engine to generate corresponding decrypted data blocks using the sorted encrypted data blocks in the first buffer portion.

BACKGROUND

Field

The present invention relates generally to decryption of data blocks in a pattern encryption protection scheme.

Background

The ISO/IEC 23001-7 standard details common encryption formats for use in files in accordance with the ISO base media file format as detailed in the ISO/IEC 14496-12 standard. The third edition of the ISO/IEC 23001-7 standard specifies four protection schemes of common encryption: cenc, cbc1, cens, and cbcs. The cenc scheme uses AES-CTR-128 mode full sample and video Network Abstraction Layer (NAL) Subsample encryption. The cbc1 scheme uses AES-CBC mode full sample and video NAL Subsample encryption. The cens scheme uses AES-CTR-128 mode partial video NAL pattern encryption. The cbcs scheme uses AES-CBC mode partial video NAL pattern encryption. The cbcs and cens protection schemes, which use pattern encryption, were added in the third edition of the ISO/IEC 23001-7 standard.

In pattern encryption, only a fraction (e.g., 1 of 10) of the data blocks within protected video subsamples are encrypted. The intent of pattern encryption was to reduce the computational power required by devices to decrypt video tracks. Unfortunately, the intended reduction in computational power may be accompanied by significant decryption delays.

There is therefore a need for techniques for decrypting data blocks, of a pattern encryption protection scheme, in an efficient and timely manner.

SUMMARY

An aspect of the present invention may reside in a method for decrypting data blocks in a pattern encryption protection scheme using a processor which may be implemented in hardware. In the method, the processor may receive a frame of data blocks. The frame may include a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample may include one or more encrypted data blocks and one or more unencrypted data blocks in accordance with a predetermined pattern. The processor may determine a first buffer portion and a second buffer portion based on a number of the data blocks in the frame and the predetermined pattern. The processor may sort the data blocks by copying the encrypted data blocks into the first buffer portion and by copying the unencrypted data blocks into the second data buffer portion. The processor may perform a decryption call to a crypto engine to generate corresponding decrypted data blocks using the sorted encrypted data blocks in the first buffer portion.

In more detailed aspects of the invention, the processor may store the decrypted data blocks in the first buffer portion in place of the encrypted data blocks, and may reverse sort the decrypted data blocks in the first buffer portion and the unencrypted data blocks in the second data buffer portion by copying the decrypted data blocks and the unencrypted data blocks to a sort buffer in accordance with the predetermined data pattern. The predetermined pattern may be repeated a predetermined number of times in each pattern-encrypted subsample.

In other more detailed aspects of the invention, the encrypted data blocks may be copied into adjacent storage locations in the first buffer portion in accordance with an order of the encrypted data blocks in the frame, and the unencrypted data blocks may be copied into adjacent storage locations in the second buffer portion in accordance with an order of the unencrypted data blocks in the frame. Determining the first buffer portion and the second buffer portion may include calculating a sort divider between storage locations of a buffer based on a number of the data blocks in the frame and the predetermined pattern.

In other more detailed aspects of the invention, the crypto engine may be a hardware crypto engine operating in a non-pattern mode. Also, the crypto engine may be in a secure execution environment, and may be implemented using software in the secure execution environment.

Another aspect of the invention may reside in an apparatus, comprising: means for receiving a frame of data blocks, wherein the frame includes a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample includes one or more encrypted data blocks and one or more unencrypted data blocks in accordance with a predetermined pattern; means for determining a first buffer portion and a second buffer portion based on a number of the data blocks in the frame and the predetermined pattern; means for sorting the data blocks by copying the encrypted data blocks into the first buffer portion and by copying the unencrypted data blocks into the second data buffer portion; and means for performing a decryption call to a crypto engine to generate corresponding decrypted data blocks using the sorted encrypted data blocks in the first buffer portion.

Another aspect of the invention may reside in an apparatus, comprising: a processor configured to: receive a frame of data blocks, wherein the frame includes a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample includes one or more encrypted data blocks and one or more unencrypted data blocks in accordance with a predetermined pattern; determine a first buffer portion and a second buffer portion based on a number of the data blocks in the frame and the predetermined pattern; sort the data blocks by copying the encrypted data blocks into the first buffer portion and by copying the unencrypted data blocks into the second data buffer portion; and perform a decryption call to a crypto engine to generate corresponding decrypted data blocks using the sorted encrypted data blocks in the first buffer portion.

Another aspect of the invention may reside in a computer-readable medium, comprising: code for causing a computer to receive a frame of data blocks, wherein the frame includes a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample includes one or more encrypted data blocks and one or more unencrypted data blocks in accordance with a predetermined pattern; code for causing the computer to determine a first buffer portion and a second buffer portion based on a number of the data blocks in the frame and the predetermined pattern; code for causing the computer to sort the data blocks by copying the encrypted data blocks into the first buffer portion and by copying the unencrypted data blocks into the second data buffer portion; and code for causing the computer to perform a decryption call to a crypto engine to generate corresponding decrypted data blocks using the sorted encrypted data blocks in the first buffer portion.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flow diagram of a method for decrypting data blocks in a pattern-encryption protection scheme, according to the present invention.

FIG. 2 is a block diagram of a computer including a processor and a memory.

FIG. 3 is a first schematic diagram of a technique for sorting data blocks of pattern-encrypted subsamples for decryption, according to the present invention.

FIG. 4 is a second schematic diagram of a technique for sorting data blocks of pattern-encrypted subsamples for decryption, according to the present invention.

FIG. 5 is a third schematic diagram of a technique for sorting data blocks of pattern-encrypted subsamples for decryption, according to the present invention.

FIG. 6 is a fourth schematic diagram of a technique for sorting data blocks of pattern-encrypted subsamples for decryption, according to the present invention.

FIG. 7 is a fifth schematic diagram of a technique for sorting data blocks of pattern-encrypted subsamples for decryption, according to the present invention.

FIG. 8 is a schematic diagram showing sorted and decrypted data blocks, according to the present invention.

FIG. 9 is a first schematic diagram showing reverse sorting of data blocks, according to the present invention.

FIG. 10 is a second schematic diagram showing reverse sorting of data blocks, according to the present invention.

FIG. 11 is a schematic diagram showing a predetermined pattern repeated in a pattern-encrypted subsample, according to the present invention.

FIG. 12 is a block diagram of a hardware crypto engine and a central processing unit having a secure-zone system architecture.

FIG. 13 is a first schematic diagram of another technique for sorting data blocks of pattern-encrypted subsamples for decryption, according to the present invention.

FIG. 14 is a second schematic diagram of another technique for sorting data blocks of pattern-encrypted subsamples for decryption, according to the present invention.

FIG. 15 is a third schematic diagram of another technique for sorting data blocks of pattern-encrypted subsamples for decryption, according to the present invention.

FIG. 16 is a block diagram of a system architecture of a wireless network infrastructure.

DETAILED DESCRIPTION

The word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any embodiment described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments.

With reference to FIGS. 1-8, an aspect of the present invention may reside in a method 100 (FIG. 1) for decrypting data blocks 310 in a pattern encryption protection scheme using a processor 210 which may be implemented in hardware. In the method, the processor may receive a frame 320 of data blocks (step 110). The frame may include a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample may include one or more encrypted data blocks (e.g., 1SB-1 through 1SB-3) and one or more unencrypted data blocks (e.g., 1SB-4 through 1SB-10) in accordance with a predetermined pattern. The processor may determine a first buffer portion 330 and a second buffer portion 340 based on a number of the data blocks in the frame and the predetermined pattern (step 120). The processor may sort the data blocks by copying the encrypted data blocks into the first buffer portion (e.g., FIGS. 3, 4 and 5) (step 130), and by copying the unencrypted data blocks into the second data buffer portion (e.g., FIGS. 6 and 7). The processor may perform a decryption call to a crypto engine 220 to generate corresponding decrypted data blocks 810 using the sorted encrypted data blocks in the first buffer portion (FIG. 8) (step 140).

With reference to FIGS. 9 and 10, the processor 210 may store the decrypted data blocks 810 in the first buffer portion 330 in place of the encrypted data blocks (step 150), and may reverse sort the decrypted data blocks in the first buffer portion and the unencrypted data blocks in the second data buffer portion 340 by copying the decrypted data blocks and the unencrypted data blocks to a sort buffer (FIGS. 9 and 10) in accordance with the predetermined data pattern (step 160). With reference to FIG. 11, the predetermined pattern may be repeated a predetermined number of times in each pattern-encrypted subsample.

The processor 210, the crypto engine 220, and the first and second data buffer portions, 330 and 340, may be included in a user equipment (UE). The UE may comprise a computer 200 that may include the processor 210 having a secure zone system architecture, the crypto engine 220, a storage medium 230 such as memory and/or a disk drive, a display 240, an input such as a keypad 250, and one or more wireless connections 260. The memory may include the first and second data buffer portions, 330 and 340. The secure zone system architecture may comprise a TrustZone® (TZ) in accordance with the ARM security technology available from ARM Limited, of Cambridge, Great Britain.

According to the ISO/IEC 23001-7 standard, subsample encryption divides each sample into one or more contiguous subsamples. Each subsample has an unprotected part followed by a protected part. Pattern encryption utilizes a pattern of encrypted and unencrypted (“skipped”) data blocks over the protected range of a subsample.

Video streams encrypted with any of the above common encryption schemes need to be decrypted in a Trusted [Execution] Environment (TEE), such as the TrustZone® in the ARM architecture. The TEE may be either a hardware crypto engine or software running in ARM's TrustZone®, which prevents higher level operating system (HLOS) access to decrypted data.

However, decrypting each data block separately is very inefficient with a hardware crypto engine (HWCE) because of a high number of calls to the HWCE. A predicate (if/else) would determine the skipped data blocks from the encrypted data blocks. Then a call would be made to the HWCE for the encrypted data blocks. These HWCE operations are relatively inefficient. The round-trip time for each HWCE call for the encrypted data blocks is generally much longer than the decryption time. Also, each loop through the pattern would not be efficiently optimized by a compiler because the predicate (if/else) must be determined at runtime.

An example may be reviewed with reference to the predetermined pattern of three (3) encrypted data blocks and seven (7) skipped data blocks of a cens description for twenty-two (22) data blocks, shown in FIG. 3. The adjacent encrypted data blocks 1SB-1 through 1SB-3, 2SB-1 through 2SB-3, and 3SB-1 through 3SB-2, are each separated by skipped data blocks. Thus, for this example, three decryption calls (one for each set of the adjacent encrypted data blocks) would need to be made to the HWCE to decrypt the encrypted data blocks.

Note that the ratio in the predetermined pattern of encrypted data blocks and skipped data blocks may be one (1) and nine (9), two (2) and eight (8), etc. Also, as shown in FIG. 11, the predetermined pattern may be repeated N times in a subsample.

The present invention relates to coalescing the encrypted data blocks together and making one decryption call to the HWCE. Advantageously, this may allow efficient and timely handling of cens and cbcs protected data in a TEE using a HWCE running in cenc or cbc1 mode. Also, the predetermined pattern (ratio) of encrypted data blocks and skipped data blocks in the original data is known, so a predicate (if/else) is not needed because the loop parameters are known at compile time.

In an aspect of the invention, determining the first buffer portion 330 and the second buffer portion 340 may include calculating a sort divider (SD) 350 between storage locations of an output buffer based on a number of the data blocks 310 in the frame 320 and the predetermined pattern. The sort divider location 350 in the output buffer may be calculated based on the number of encrypted data blocks and skipped data blocks. The buffer portions and the output buffer may reside in the memory 230.

The encrypted data blocks may be copied into adjacent storage locations in the first buffer portion 330 in accordance with an order of the encrypted data blocks in the frame 320, and the unencrypted/skipped data blocks also may be copied into adjacent storage locations in the second buffer portion 340 in accordance with an order of the unencrypted data blocks in the frame. In an aspect, a first loop may copy the encrypted data blocks into the first buffer portion 330, and then a second loop may copy the skipped data blocks into the second buffer portion 340, such that all of the encrypted data blocks are adjacent, and all of the skipped data blocks are adjacent.

More specifically, the first adjacent encrypted data blocks, 1SB-1, 1SB-2 and 1SB-3, may be copied into the first buffer portion 330, as shown in FIG. 3. Next, the second adjacent encrypted data blocks, 2SB-1, 2SB-2 and 2SB-3, may be copied into the first buffer portion, as shown in FIG. 4. Next, the third adjacent encrypted data blocks, 3SB-1 and 3SB-2, may be copied into the first buffer portion, as shown in FIG. 5. Thus, the encrypted data blocks may be contiguous in the first buffer portion. Then the unencrypted/skipped data blocks, 1SB-4 through 1SB-10, may be copied into the second buffer portion 340 as shown in FIG. 6. Next, the skipped data blocks, 2SB-4 through 2SB-10, may be copied into the second buffer portion as shown in FIG. 7.

The sorted/adjacent encrypted data blocks may be decrypted using one decryption call to the HWCE resulting in the respective adjacent decrypted data blocks 810, as shown in FIG. 8. Using only one decryption call greatly decreases delay associated with setting up multiple decryption calls associated with unsorted encrypted data blocks in a pattern encryption scheme.

The decrypted data blocks and the skipped data blocks may be reverse sorted into their corresponding positions using a first loop for the decrypted data blocks, and a second loop for the skipped data blocks. Again, the predetermined pattern (ratio) of decrypted data blocks and skipped data blocks is known at compile time, so the compiler can optimize each of the reverse sort loops.

The reverse sort may be performed by copying decrypted data blocks, 1SB-1, 1SB-2, 1SB-3, 2SB-1, 2SB-2, 2SB-3, 3SB-1 and 3SB-2, into the output buffer as shown in FIG. 9, and then copying the skipped data blocks 1SB-4 through 1SB-10 and 2SB-4 through 2SB-10, into the output buffer as shown in FIG. 10.

The sorting step may be implemented as follows:

-   Set x=0, y=0
-   Loop 1 for each (pattern repeat ‘i’)
    1. memcpy(output[y], input[x], n)
    2. Set x=(n+m)*i, y=n*i
-   Set x=n, y=sd
-   Loop 2 for each (pattern repeat ‘i’)
    1. memcpy(output[y], input[x], m)
    2. x=(n+m)*i, y=m*i
-   where n=the encryption pattern length (3 in FIG. 3), m=the skip pattern length (7 in FIG. 3), n+m=the total pattern length (10 in FIG. 3), sd=the skip divider location (4 in FIG. 3), x=the current input buffer offset, and y=the current output buffer offset.

The decryption step may be implemented as follows:

-   Set x=0, y=0, IV=0
-   Decrypt HWCE(Output[y], Input[x], n*
-   where IV is an initialization vector.

The reverse sorting step may be implemented as follows:

-   Set x=sd−n, y=end−n
-   E Loop 1 for each (pattern repeat ‘i’)
    1. memcpy(output[y], input[x], n)
    2. Set x−=(n+m)*i, y−=(n+m)*i
-   Reset x=end−m, y=end−n−m
-   S Loop 2 for each (pattern repeat ‘i’)
    1. memcpy(output[y], input[x], m)
    2. Set x−=(m), y−=(n+m)

Note that the data may be incomplete with respect to the predetermined pattern. With reference to FIG. 8, the last repetition ‘i’ ends with the two decrypted data blocks 3SB-1 and 3SB-2. Missing in the last pattern is another decrypted data block, followed by seven (7) skipped data blocks. The sorting/reverse sorting routines may take these situations into account with additional logic for a final iteration. The optimizations provided by these routines may be achieved in the main loops. Another call to the HWCE may be required by the additional logic of the final iteration.

In another example, an input buffer may be 2 MBytes, and the pattern length may be 160 bytes. Accordingly, the pattern would repeat about 13107 times. Thus, the number of calls to the HWCE may be dramatically reduced.
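The sort, single decryption call and reverse sort described above, including a final partial pattern repeat, can be sketched in C as follows. This is an added example, not code from the patent: `hwce_crypt` is a hypothetical stand-in for the crypto engine (a counter-keyed XOR, not AES) whose counter is assumed to advance once per encrypted block, and all function names and the constructed frame are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 16          /* AES block size in bytes */
#define MAX_BLOCKS 64   /* demo frame capacity (assumption) */

static unsigned hwce_calls;   /* counts round trips to the engine */

/* Hypothetical stand-in for the crypto engine: a counter-keyed XOR, NOT AES.
 * It models a non-pattern engine that processes one contiguous run per call,
 * with the counter advancing once per encrypted block (assumption). */
static void hwce_crypt(uint8_t *buf, size_t nblocks, uint32_t first_ctr)
{
    hwce_calls++;
    for (size_t b = 0; b < nblocks; b++)
        for (size_t j = 0; j < BLK; j++)
            buf[b * BLK + j] ^= (uint8_t)(0xA5u + 31u * (first_ctr + (uint32_t)b) + j);
}

/* Sort divider in blocks: how many blocks of the frame are encrypted. */
static size_t sort_divider(size_t total, size_t n, size_t m)
{
    size_t rem = total % (n + m);
    return (total / (n + m)) * n + (rem < n ? rem : n);
}

/* Copy cnt blocks between the sorted buffer and the frame. */
static void copy_run(uint8_t *sorted, size_t s_off, uint8_t *frame, size_t f_off,
                     size_t cnt, int to_sorted)
{
    if (to_sorted)
        memcpy(sorted + s_off * BLK, frame + f_off * BLK, cnt * BLK);
    else
        memcpy(frame + f_off * BLK, sorted + s_off * BLK, cnt * BLK);
}

/* to_sorted=1: sort (gather). to_sorted=0: reverse sort (scatter). */
static void permute(uint8_t *sorted, uint8_t *frame, size_t total,
                    size_t n, size_t m, int to_sorted)
{
    size_t full = total / (n + m), rem = total % (n + m);
    size_t sd = sort_divider(total, n, m);
    size_t tail_e = rem < n ? rem : n, tail_s = rem - tail_e;
    for (size_t i = 0; i < full; i++)                 /* loop 1: encrypted runs */
        copy_run(sorted, i * n, frame, i * (n + m), n, to_sorted);
    copy_run(sorted, full * n, frame, full * (n + m), tail_e, to_sorted);
    for (size_t i = 0; i < full; i++)                 /* loop 2: skipped runs */
        copy_run(sorted, sd + i * m, frame, i * (n + m) + n, m, to_sorted);
    copy_run(sorted, sd + full * m, frame, full * (n + m) + tail_e, tail_s, to_sorted);
}

/* Baseline: one engine call per encrypted run. Returns the number of calls. */
static unsigned crypt_per_run(uint8_t *frame, size_t total, size_t n, size_t m)
{
    uint32_t ctr = 0;
    hwce_calls = 0;
    for (size_t x = 0; x < total; x += n + m) {
        size_t ne = total - x < n ? total - x : n;    /* partial final run */
        hwce_crypt(frame + x * BLK, ne, ctr);
        ctr += (uint32_t)ne;
    }
    return hwce_calls;
}

/* Coalesced: sort, one engine call over [0, sd), reverse sort. */
static unsigned crypt_coalesced(uint8_t *frame, uint8_t *scratch,
                                size_t total, size_t n, size_t m)
{
    hwce_calls = 0;
    permute(scratch, frame, total, n, m, 1);
    hwce_crypt(scratch, sort_divider(total, n, m), 0);
    permute(scratch, frame, total, n, m, 0);
    return hwce_calls;
}

/* Round-trip check on a constructed frame; returns 1 if plaintext is recovered. */
static int demo(size_t total, size_t n, size_t m, unsigned *naive, unsigned *coalesced)
{
    uint8_t plain[MAX_BLOCKS * BLK], frame[MAX_BLOCKS * BLK], scratch[MAX_BLOCKS * BLK];
    if (total > MAX_BLOCKS || n + m == 0) return 0;
    for (size_t i = 0; i < total * BLK; i++)
        plain[i] = (uint8_t)(i * 7u + 3u);            /* constructed sample data */
    memcpy(frame, plain, total * BLK);
    *naive = crypt_per_run(frame, total, n, m);       /* XOR: "encrypts" the frame */
    if (memcmp(frame, plain, total * BLK) == 0) return 0;
    *coalesced = crypt_coalesced(frame, scratch, total, n, m);
    return memcmp(frame, plain, total * BLK) == 0;
}

int main(void)
{
    unsigned a, b;
    int ok = demo(22, 3, 7, &a, &b);                  /* the 3:7 pattern, 22 blocks */
    printf("ok=%d per-run calls=%u coalesced calls=%u\n", ok, a, b);
    return !ok;
}
```

In this sketch the partial final repeat is folded into the single engine call, because the trailing encrypted blocks are copied directly behind the full runs before the call is made.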

In other more detailed aspects of the invention, the crypto engine 220 may be a HWCE operating in a non-pattern mode. Also, the crypto engine may be in a secure execution environment, and may be implemented using software in the secure execution environment.

Another aspect of the invention may reside in an apparatus, comprising: means (e.g., processor 210) for receiving a frame 320 of data blocks 310, wherein the frame includes a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample includes one or more encrypted data blocks and one or more unencrypted data blocks in accordance with a predetermined pattern; means (e.g., processor 210) for determining a first buffer portion 330 and a second buffer portion 340 based on a number of the data blocks in the frame and the predetermined pattern; means (e.g., processor 210) for sorting the data blocks by copying the encrypted data blocks into the first buffer portion and by copying the unencrypted data blocks into the second data buffer portion; and means (e.g., processor 210) for performing a decryption call to a crypto engine 220 to generate corresponding decrypted data blocks using the sorted encrypted data blocks in the first buffer portion.

In more detailed aspects of the invention, the apparatus may further comprise: means (e.g., processor 210) for storing the decrypted data blocks in the first buffer portion 330 in place of the encrypted data blocks; and means (e.g., processor 210) for reverse sorting the decrypted data blocks in the first buffer portion 330 and the unencrypted data blocks in the second data buffer portion 340 by copying the decrypted data blocks and the unencrypted data blocks to a sort buffer in accordance with the predetermined data pattern. Also, the means for determining the first buffer portion and the second buffer portion may include means (e.g., processor 210) for calculating a sort divider 350 between storage locations of a buffer based on a number of the data blocks 310 in the frame 320 and based on the predetermined pattern.

Another aspect of the invention may reside in an apparatus, comprising: a processor 210 configured to: receive a frame 320 of data blocks 310, wherein the frame includes a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample includes one or more encrypted data blocks and one or more unencrypted data blocks in accordance with a predetermined pattern; determine a first buffer portion 330 and a second buffer portion 340 based on a number of the data blocks in the frame and the predetermined pattern; sort the data blocks by copying the encrypted data blocks into the first buffer portion and by copying the unencrypted data blocks into the second data buffer portion; and perform a decryption call to a crypto engine 220 to generate corresponding decrypted data blocks using the sorted encrypted data blocks in the first buffer portion.

In more detailed aspects of the invention, the processor 210 may be further configured to: store the decrypted data blocks in the first buffer portion 330 in place of the encrypted data blocks; and reverse sort the decrypted data blocks in the first buffer portion 330 and the unencrypted data blocks in the second data buffer portion 340 by copying the decrypted data blocks and the unencrypted data blocks to a sort buffer in accordance with the predetermined data pattern.

Another aspect of the invention may reside in a computer-readable medium, comprising: code for causing a computer 200 to receive a frame 320 of data blocks 310, wherein the frame includes a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample includes one or more encrypted data blocks and one or more unencrypted data blocks in accordance with a predetermined pattern; code for causing the computer to determine a first buffer portion 330 and a second buffer portion 340 based on a number of the data blocks in the frame and the predetermined pattern; code for causing the computer to sort the data blocks by copying the encrypted data blocks into the first buffer portion and by copying the unencrypted data blocks into the second data buffer portion; and code for causing the computer to perform a decryption call to a crypto engine 220 to generate corresponding decrypted data blocks using the sorted encrypted data blocks in the first buffer portion.

With reference to FIG. 12, an example of a TEE and a HWCE 1220 is shown. A CPU/processor 1210 may be a system-on-a-chip incorporating ARM's TrustZone®. The TEE has a non-secure zone for user applications, and a kernel and drivers for the HLOS. A user application may make calls to the HWCE through HLOS pipes. The TEE also has a secure zone for trusted applications, such as a DRM, and a TEE kernel and a crypto driver. The trusted application may make calls to the HWCE through TZ pipes.

In an alternative aspect of the invention, the data blocks may be sequentially sorted. Encrypted data blocks 1SB-1 through 1SB-3 may be copied into the first buffer portion 330, and skipped data blocks 1SB-4 through 1SB-10 may be copied into the second buffer portion 340, as shown in FIG. 13. Next, the encrypted data blocks, 2SB-1 through 2SB-3, may be copied into the first buffer portion, and skipped data blocks 2SB-4 through 2SB-10 may be copied into the second buffer portion 340, as shown in FIG. 14. Finally, encrypted data blocks, 3SB-1 and 3SB-2, may be copied into the first buffer portion, as shown in FIG. 15.

FIG. 16 shows the system architecture 1600 of a next generation wireless network infrastructure (i.e., 5G). A User Equipment (UE), e.g., computer 200, may be connected to either an Access Network (AN) or a Radio AN ((R)AN) as well as an Access and Mobility Function (AMF). The RAN represents a base station using, for example, evolved LTE while an AN is a general base station including non-3GPP access, e.g., Wi-Fi. The core network generally may include the AMF, a Session Management Function (SMF), a Policy Control Function (PCF), an Application Function (AF), an Authentication Server Function (AUSF), a User Plane Function (UPF), a User Data Management (UDM), and a Data Network connection (DN). More details may be found in 3GPP TS 23.501: “System Architecture for the 5G System”.

A typical wireless mobile station/UE may include a handheld phone, or a laptop computer. The wireless communication system may employ any one of a number of multiple access techniques such as code division multiple access (CDMA), time division multiple access (TDMA), frequency division multiple access (FDMA), space division multiple access (SDMA), polarization division multiple access (PDMA), or other modulation techniques known in the art.

Those of skill in the art would understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.

Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.

The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.

In one or more exemplary embodiments, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software as a computer program product, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. The code may be executed by the processor of the computer. Computer-readable media includes both non-transitory computer-readable storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

What is claimed is:
 1. A method for decrypting data blocks, comprising: receiving, by a processor, a frame of data blocks, wherein the frame includes a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample includes one or more encrypted data blocks and one or more unencrypted data blocks in accordance with a predetermined pattern; determining, by the processor, a first buffer portion and a second buffer portion based on a number of the data blocks in the frame and the predetermined pattern; sorting, by the processor, the data blocks by copying the encrypted data blocks into adjacent storage locations in the first buffer portion in accordance with an order of the encrypted data blocks in the frame; and performing, by the processor, a decryption call to a crypto engine to generate corresponding decrypted data blocks using the sorted encrypted data blocks in the first buffer portion.
 2. The method of claim 1, wherein sorting the data blocks further includes copying the unencrypted data blocks into adjacent storage locations in the second data buffer portion in accordance with an order of the unencrypted data blocks in the frame.
 3. The method of claim 2, further comprising: storing, by the processor, the decrypted data blocks in the first buffer portion in place of the encrypted data blocks; and reverse sorting, by the processor, the decrypted data blocks in the first buffer portion and the unencrypted data blocks in the second data buffer portion by copying the decrypted data blocks and the unencrypted data blocks to a sort buffer in accordance with the predetermined data pattern.
 4. The method of claim 1, wherein determining the first buffer portion and the second buffer portion includes calculating a sort divider between storage locations of a buffer based on a number of the data blocks in the frame and based on the predetermined pattern.
 5. The method of claim 1, wherein the crypto engine is a hardware crypto engine operating in a non-pattern mode.
 6. The method of claim 1, wherein the crypto engine is in a secure execution environment.
 7. The method of claim 6, wherein the crypto engine is implemented using software in the secure execution environment.
 8. The method of claim 1, wherein the predetermined pattern is repeated a predetermined number of times in each pattern-encrypted subsample.
 9. The method of claim 1, wherein the processor is implemented in hardware.
 10. An apparatus, comprising: means for receiving a frame of data blocks, wherein the frame includes a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample includes one or more encrypted data blocks and one or more unencrypted data blocks in accordance with a predetermined pattern; means for determining a first buffer portion and a second buffer portion based on a number of the data blocks in the frame and the predetermined pattern; means for sorting the data blocks by copying the encrypted data blocks into adjacent storage locations in the first buffer portion in accordance with an order of the encrypted data blocks in the frame; and means for performing a decryption call to a crypto engine to generate corresponding decrypted data blocks using the sorted encrypted data blocks in the first buffer portion.
 11. The apparatus of claim 10, wherein the means for sorting further includes sorting the data blocks by copying the unencrypted data blocks into adjacent storage locations in the second data buffer portion in accordance with an order of the unencrypted data blocks in the frame.
 12. The apparatus of claim 11, further comprising: means for storing the decrypted data blocks in the first buffer portion in place of the encrypted data blocks; and means for reverse sorting the decrypted data blocks in the first buffer portion and the unencrypted data blocks in the second data buffer portion by copying the decrypted data blocks and the unencrypted data blocks to a sort buffer in accordance with the predetermined data pattern.
 13. The apparatus of claim 10, wherein the means for determining the first buffer portion and the second buffer portion includes means for calculating a sort divider between storage locations of a buffer based on a number of the data blocks in the frame and based on the predetermined pattern.
 14. The apparatus of claim 10, wherein the crypto engine is a hardware crypto engine operating in a non-pattern mode.
 15. An apparatus, comprising: a processor; and a non-transitory computer-readable medium comprising instructions executable by the processor, wherein when the processor executes the instructions, the processor is configured to: receive a frame of data blocks, wherein the frame includes a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample includes one or more encrypted data blocks and one or more unencrypted data blocks in accordance with a predetermined pattern; determine a first buffer portion and a second buffer portion based on a number of the data blocks in the frame and the predetermined pattern; sort the data blocks by copying the encrypted data blocks into adjacent storage locations in the first buffer portion in accordance with an order of the encrypted data blocks in the frame; and perform a decryption call to a crypto engine to generate corresponding decrypted data blocks using the sorted encrypted data blocks in the first buffer portion.
 16. The apparatus of claim 15, wherein the processor is further configured to sort the data blocks by copying the unencrypted data blocks into adjacent storage locations in the second data buffer portion in accordance with an order of the unencrypted data blocks in the frame.
 17. The apparatus of claim 16, wherein the processor is further configured to: store the decrypted data blocks in the first buffer portion in place of the encrypted data blocks; and reverse sort the decrypted data blocks in the first buffer portion and the unencrypted data blocks in the second data buffer portion by copying the decrypted data blocks and the unencrypted data blocks to a sort buffer in accordance with the predetermined data pattern.
 18. The apparatus of claim 15, wherein to determine the first buffer portion and the second buffer portion includes to calculate a sort divider between storage locations of a buffer based on a number of the data blocks in the frame and based on the predetermined pattern.
 19. The apparatus of claim 15, wherein the crypto engine is a hardware crypto engine operating in a non-pattern mode.
 20. The apparatus of claim 15, wherein the crypto engine is in a secure execution environment.
 21. The apparatus of claim 20, wherein the crypto engine is implemented using software in the secure execution environment.
 22. The apparatus of claim 15, wherein the predetermined pattern is repeated a predetermined number of times in each pattern-encrypted subsample.
 23. A non-transitory computer-readable medium, comprising: code for causing a computer to receive a frame of data blocks, wherein the frame includes a plurality of pattern-encrypted subsamples, and each pattern-encrypted subsample includes one or more encrypted data blocks and one or more unencrypted data blocks in accordance with a predetermined pattern; code for causing the computer to determine a first buffer portion and a second buffer portion based on a number of the data blocks in the frame and the predetermined pattern; code for causing the computer to sort the data blocks by copying the encrypted data blocks into adjacent storage locations in the first buffer portion in accordance with an order of the encrypted data blocks in the frame; and code for causing the computer to perform a decryption call to a crypto engine to generate corresponding decrypted data blocks using the sorted encrypted data blocks in the first buffer portion.
 24. The non-transitory computer-readable medium of claim 23, further comprising code for causing the computer to sort the data blocks by copying the unencrypted data blocks into adjacent storage locations in the second data buffer portion in accordance with an order of the unencrypted data blocks in the frame.
 25. The non-transitory computer-readable medium of claim 24, further comprising: code for causing a computer to store the decrypted data blocks in the first buffer portion in place of the encrypted data blocks; and code for causing a computer to reverse sort the decrypted data blocks in the first buffer portion and the unencrypted data blocks in the second data buffer portion by copying the decrypted data blocks and the unencrypted data blocks to a sort buffer in accordance with the predetermined data pattern.
 26. The non-transitory computer-readable medium of claim 23, wherein code for causing a computer to determine the first buffer portion and the second buffer portion includes code for causing a computer to calculate a sort divider between storage locations of a buffer based on a number of the data blocks in the frame and based on the predetermined pattern.
 27. The non-transitory computer-readable medium of claim 23, wherein the predetermined pattern is repeated a predetermined number of times in each pattern-encrypted subsample.